Google, Facebook and other Internet companies disclose secret U.S. demands for data

By Brandon Bailey bbailey@mercurynews.com

Posted:
02/03/2014 01:18:12 PM PST

Updated:
02/03/2014 05:30:39 PM PST

For the first time, Google, Facebook and other leading Internet companies issued reports Monday about previously secret U.S. government demands for their users' data, while renewing their call for reform of surveillance programs that have become a major source of friction between Silicon Valley and Washington, D.C.

The companies said the government's demands under the Foreign Intelligence Surveillance Act involved 59,000 or more Internet accounts in the first half of last year. Company officials said those numbers represent a small fraction of their hundreds of millions of users, and include many cases in which a single individual holds multiple accounts.

Stung by a series of news reports about government surveillance, based on documents leaked by former National Security Agency contractor Edward Snowden, the companies have been eager to show they hand over users' data only under narrow circumstances. The new reports were allowed under a legal settlement reached after several companies sued the government to loosen the rules that prevented them from disclosing such demands in the past.

Companies were previously allowed to report on certain types of requests, including those known as National Security Letters, but not demands issued under the FISA law. Even so, the recent settlement still requires the companies to describe the requests in broad categories and report the numbers in ranges of 1,000.

Advertisement

In addition, the reports don't reflect the whole picture of government surveillance, as Microsoft General Counsel Brad Smith acknowledged in a blog post Monday.

"Nothing in today's report minimizes the significance of efforts by governments to obtain customer data outside legal process," Smith wrote. Citing news reports about U.S. efforts to hack into the data cables between some companies' computer centers, Smith added, "this has been and remains a major concern across the tech sector."

In a separate statement, Google legal director Richard Salgado said his company will continue urging Congress to enact new rules that would let companies report in more detail, and also require the government to issue its own public reports about surveillance efforts.

"We still believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest," Salgado added.

Google was the first leading Internet company to report on other types of government information demands, while Microsoft and others have followed suit in recent years.

In its report Monday, Google said it fielded between zero and 999 FISA requests involving 9,000 to 9,999 user accounts for the first half of 2013, the most recent period for reporting that was allowed under the government settlement. Those numbers involved requests for "content" from those accounts, as opposed to requests for user names, email addresses and headers, or other information often referred to as metadata.

All four companies reported much smaller numbers of requests for "noncontent," or metadata.

Two other companies used a different reporting method allowed under last week's settlement, which said companies could use ranges of 250 if they lumped FISA requests together with National Security Letters.

LinkedIn said Monday that it received between zero and 249 national security requests, of all kinds, for content from up to 249 user accounts. Apple reported the same range of numbers last week.

Civil liberties groups said the numeric ranges and other limits on disclosing specifics make it difficult to get a clear picture of the government's activities. But it may be possible to detect trends over time, said Nicole Ozer, technology and civil liberties policy director for the Northern California chapter of the American Civil Liberties Union.

While agreeing the reports are somewhat useful, attorney Nate Cardozo of the Electronic Frontier Foundation said they're misleading because they don't cover the government's other surveillance efforts. "This only shows requests when the government comes to the front door," he said, adding that the reports provide "a small, slightly blurry snapshot of a much bigger picture."